The popularity of on-line services has grown due, at least in part, to the increased availability and reliability of broadband connectivity over the Internet. Typically, users can conveniently access a wide variety of available offerings. For example, users can participate in social networking, download music and video, search the Internet for information and resources, engage in banking and other financial transactions, make purchases of goods and services, take on-line classes and/or develop skills, play games or engage in other entertainment on their own or with other on-line users, communicate with other users around the world, and perform other activities and tasks.
In order to gain access to an on-line service in some cases, it may be necessary for users to establish their identity with the service provider through a process called authentication. Authentication is commonly performed through the use of logon credentials such as a user ID and password. If the user has knowledge of the credentials, it can be assumed that the user is authentic and legitimate. One weakness of using only logon credentials is that they are susceptible to being accidentally revealed, lost, or stolen. As a result, some services may require a more in-depth authentication process that relies upon a digital certificate that is issued and verified by a certificate authority using what is known as public key infrastructure (“PKI”) security model which relies upon asymmetric (i.e., public key) cryptography. Under PKI, a private key is used for digital signing and authentication, and the certificates are used to distribute a public key portion of a PKI key pair.
But while a unique certificate can provide evidence that a user has the right to access an on-line service, under current PKI methodologies, the certificate is vulnerable to being used to improperly identify and/or track the user. In addition, third parties may attempt to gain access to a private key and intercept information intended for a user to thereby compromise the integrity of the PKI security model.
This Background is provided to introduce a brief context for the Summary and Detailed Description that follow. This Background is not intended to be an aid in determining the scope of the claimed subject matter nor be viewed as limiting the claimed subject matter to implementations that solve any or all of the disadvantages or problems presented above.